In a SQL Server 2008 R2 database, I created a user login with:
Server Role: Public
User Mapping: master, model, msdb
Database Role Membership db_datareader, public
When I use with new user login to connect it connects and I can run update, create commands. Which I don't want to run.
The same setting I tried in SQL Server 2012. It didn't allowed me to run update and create commands.
I get an error :
CREATE TABLE permission denied in database 'TEMP'.
In SQL Server 2012 I have a different database.
Please give solution
I have followed this https://www.itsupportguides.com/server-side-tips/sql-management-studio-how-to-create-read-only-users/
for this Login
mark SERVER Role for following Databases as db_DenyDataReader , and db_DenyDatawriter
Related
I need to create a login on a server that will have access to all databases on this server.
I have two azure servers: production and stage. I make a copy of a database from prod server on stage server. Then I need to do insert some test data in this new copied database.
The copying process is made on runbooks in azure automation account so every time I want to execute SQL script on a database I need to provide a login&password to a server.
If I create a login TestLogin on stage server and then copy database from prod server to stage, then this login does not have access to a new db. Thus, I need to login as administrator and create a TestUser in this new database for TestLogin.
This does not work for Azure:
GRANT CONTROL SERVER TO TestLogin;
Is there any way I can grant a TestLogin all rights so that it can have access to all the databases on server?
When you create a login in one instance of SQL Server and assign any roles to this user on a specific database, and then copy the database to another SQL Server instance, you have this user in the database, but no login for that user in the second SQL Server. This is also called an "orphaned user". Here is an article that describes how to fix that.
This does not work on Azure. You have to use ALTER USER instead.
As you said in comment, you must login with admin, then you have the permission to alter the new user in master DB, set the user as DB manager or db_owner.
If you only create new login or user and don't give it more permission, this login/user only and login the Database but can't access no database.
Fore details, please see Controlling and granting database access to SQL Database and SQL Data Warehouse.
Hope this helps.
I am using SQL Server Management Studio v17.9.1. I followed guide of this post to use below command but failed with error.
REVOKE VIEW ANY DATABASE FROM PUBLIC
Securable class 'server' not supported in this version of SQL Server.
I tried below code as well with same error:
USE master;
GO
DENY VIEW ANY DATABASE TO TestUser;
GO
What's wrong for this?
In Azure SQL Database (and on-prem contained databases), users can be authenticate at the database level without a server-level login. For example, in the context of the Team1 database:
CREATE User Team1User WITH PASSWORD='<complex-password-here>';
And similarly for the other database:
CREATE User Team2User WITH PASSWORD='<complex-password-here>';
Users must specify the desired database when connecting and the sys.databases catalog view return only the current database.
I installed Sql Server on a server in a company I used to work for.
I left the company - and rejoined a year later - and now I have a different domain login.
I've logged on to the server again, and in SSMS tried to create a new database - however I get the error:
create database permission denied in database 'master'
I have tried changing permission and adding DBCreator to BuiltInUsers and to SA - and also tried adding my new domain name to the security section - but when I try to add DBCreator to my user name, I get the error:
Cannot alter the server role 'dbcreator' because it does not exist or you do not have permission
Is there any way I can take control of the Sql Server instance again, to allow me to create new databases?
Thanks for any help,
Mark
I faced this problem when I made another SQL user which I login with, and I tried to give this user [dbcreator] grant.
I solved this via
runnig sql server as administrator
switching to my windows authentication.
going to folder Security -> Logins and double click on my new sql login user.
selecting Server roles and give grant to my user.
I have created Logins in Azure SQL via SSMS on two other environments, but on the third Azure SQL Server, the same exact SQL command creates logins but they don't show in SSMS. I am using these Logins to then users for databases. As I have stated it has worked on every other Azure SQL Server.
However, when I create my Logins, they don't show up under Security > Logins and if I try to create user for the db, I get the following error:
'myuser' is not a valid login or you do not have permission.
Here is my SQL to create the Login:
CREATE LOGIN myuser WITH PASSWORD = 'p#ssword';
Here is my SQL I run on a selected database to add the above created user with execute rights:
CREATE USER [myuser] FROM LOGIN [myuser];
GRANT EXECUTE TO [myuser]
To be clear, the Login (first SQL) said that it is created, but it doesn't show in SSMS and doesn't allow me to create Users in the DBs
I logged into SQL Server 2008 via SQL Server Management Studio using Windows admin account. When I run the command (ALTER LOGIN sa ENABLE) I get the following error.
Cannot alter the login 'sa', because it does not exist or you do not have permission.
You account doesn't have permissions. It isn't sysadmin.
CREATE DATABASE requires
Requires CREATE DATABASE, CREATE ANY DATABASE, or ALTER ANY DATABASE permission.
This is (legacy SQL Server 2000 lingo):
sysadmin
dbcreator
If the account is "end user" consider wrapping the call in a stored procedure to hide the permissiosn escalation
Edit, after question update
sa is always sa; you can't disable it as such
You need to grant some permissions to the Windows account using GRANT
Follow the advices in this article:
http://blogs.msdn.com/b/dparys/archive/2009/09/17/create-database-permission-denied-in-database-master-my-fix.aspx
EDIT: The whole question changed!